Upgrade Azure libraries to fix CVE-2023-36415 #929

Merged
merged 3 commits into from
Oct 16, 2023

@usmansaleem usmansaleem commented Oct 16, 2023

PR Description

Upgrade Azure libraries to fix CVE-2023-36415. Suppress CVE for azure-identity 1.10.2 to 1.10.9 as it is only applicable on 1.10.1 and lower.

Fixed Issue(s)

Documentation

  • I thought about documentation and added the doc-change-required label to this PR if updates are required.

Changelog

  • I thought about adding a changelog entry, and added one if I deemed necessary.

Testing

  • I thought about testing these changes in a realistic/non-local environment.

 -- suppress CVE for azure-identity 1.10.2 to 1.10.9 as it is only applicable on 1.10.1 and lower.
@usmansaleem usmansaleem self-assigned this Oct 16, 2023
@@ -13,6 +13,13 @@
<packageUrl regex="true">^pkg:maven/io\.netty/netty*@*.*$</packageUrl>
<vulnerabilityName>CVE-2023-4586</vulnerabilityName>
</suppress>
<suppress>
<notes><![CDATA[
Suppress CVE-2023-36415 as this should only be applicable on version up to but excluding 1.10.2.
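Review bot: The notes in the new <suppress> entry justify hiding CVE-2023-36415 only for versions at or above 1.10.2, so the packageUrl of this entry should be pinned to azure-identity 1.10.2 through 1.10.9 rather than written as an open pattern like the netty entry above it (^pkg:maven/io\.netty/netty*@*.*$ matches every version). With a bounded version pattern, a downgrade to 1.10.1 or lower would be reported again instead of staying suppressed. The notes would also be stronger if they named the source of the affected range, since "should only be applicable" reads as an assumption.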

Is that a mistake in the metadata then? Might be worth adding until if we could eventually remove this suppression, just so we can keep the file clean

@usmansaleem usmansaleem merged commit e7a1d03 into Consensys:master Oct 16, 2023
2 checks passed
@usmansaleem usmansaleem deleted the lib_upgrades branch October 16, 2023 02:33